Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies


Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf.

The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement order, a Central Election Committee leaflet, and even as a decree from the President of Russia.

Read more…
Source: BI.ZONE


Sign up for our Newsletter


Related:

  • Malicious PowerPoint files used to push remote access trojans

    January 24, 2022

    Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the ...

  • DHL, Microsoft, WhatsApp top phishing list of most imitated brands

    January 17, 2022

    DHL took over the top spot of Check Point Research’s list of the most imitated brands among cybercriminals this year, surpassing Microsoft and Google as the brand used most often in phishing emails and scams. The company’s Q4 Brand Phishing Report for 2021 ranks the top 10 most imitated brands in October, November and December. Researchers ...

  • New Flagpro malware linked to Chinese state-backed hackers

    December 28, 2021

    BlackTech cyber-espionage APT (advanced persistent threat) group has been spotted targeting Japanese companies using novel malware that researchers call ‘Flagpro’. The threat actor uses Flagpro in the initial stage of an attack for network reconnaissance, to evaluate the target’s environment, and to download second-stage malware and execute it. The infection chain begins with a phishing email crafted ...

  • Phishing incident causes data breach at West Virginia hospitals

    December 22, 2021

    A hospital system in West Virginia has suffered a data breach resulting from a phishing attack, which gave hackers access to several email accounts. Monongalia Health System — which runs Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company — said that hackers had access to several email accounts from May 10 to August ...

  • Russian hackers leak confidential UK police data on the ‘dark web’ after their ransom was rejected

    December 19, 2021

    Confidential information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal. The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ ...

  • Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

    December 10, 2021

    Ireland’s Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy’s damning report has revealed. Issued today, the report from PWC (formerly known as PriceWaterhouseCoopers) said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known ...